
 
abdalnoor
just joined
Topic Author
Posts: 2
Joined: Tue Oct 08, 2019 3:00 pm

VPN PPTP

Tue Oct 08, 2019 3:15 pm

I need to configure a PPTP server on my RouterBOARD 952. When I connect over the VPN from my Windows 10 PC, I can't reach my local network (e.g. my DVR at 192.168.7.10); I can only access the RouterBOARD itself. Below is the export from my router:


# RouterOS configuration export as posted in the thread: a PPTP server on a
# router with a LAN bridge (192.168.7.0/24), a PPPoE uplink and policy routing.
# NOTE(review): this export was shared with Wi-Fi keys and a PPP secret in clear
# text; values posted publicly should be treated as exposed and changed.

# Two bridges: "BR - DHCP" carries the LAN, "BR - MGM" carries ether1 (uplink side).
# arp=proxy-arp on the LAN bridge: presumably set because the VPN pool below lies
# inside the LAN /24, so the router has to answer ARP on behalf of VPN clients.
/interface bridge
add arp=proxy-arp name="BR - DHCP" protocol-mode=none
add name="BR - MGM" protocol-mode=none
# Port renaming only; the comment= fields hold addresses the poster associates
# with each port.
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    10.25.240.170 name="01 - Main"
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    192.168.7.10 name="02 - DVR"
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="03 - "
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="04 - "
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name="05 - "
# PPPoE uplink running over "BR - MGM"; it installs its own default route.
# The user/password values look like placeholders substituted by the poster.
/interface pppoe-client
add add-default-route=yes disabled=no interface="BR - MGM" keepalive-timeout=\
    disabled name=pppoe-out1 password=nnn user=n@n
# NOTE(review): profile1 still allows WPA (v1) next to WPA2 and uses the
# pre-shared key 12345678, which is trivially guessable. Restrict the profile to
# WPA2 with a long random passphrase.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=profile1 \
    supplicant-identity="" wpa-pre-shared-key=12345678 wpa2-pre-shared-key=\
    12345678
# Both radios are access points on profile1. hide-ssid=yes only suppresses the
# SSID in beacons; it is not an access control.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no hide-ssid=yes mode=ap-bridge name="wlan1 - 2G" \
    security-profile=profile1 ssid=MikroTik2G
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
    disabled=no hide-ssid=yes mode=ap-bridge name="wlan2 - 5G" \
    security-profile=profile1 ssid=MikroTik5G
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# DHCP hands out .100-.254; VPN clients get .50-.60 from the same /24.
/ip pool
add name=dhcp_pool0 ranges=192.168.7.100-192.168.7.254
add name="VPN Pool" ranges=192.168.7.50-192.168.7.60
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface="BR - DHCP" name=dhcp1
# PPP profile used by the VPN user: the router end is 192.168.7.1, the client end
# comes from "VPN Pool".
/ppp profile
add dns-server=8.8.8.8 local-address=192.168.7.1 name=profile1 remote-address=\
    "VPN Pool"
# LAN ports and both radios join "BR - DHCP"; ether1 is alone in "BR - MGM".
/interface bridge port
add bridge="BR - DHCP" hw=no interface="02 - DVR"
add bridge="BR - DHCP" hw=no interface="03 - "
add bridge="BR - DHCP" hw=no interface="04 - "
add bridge="BR - DHCP" hw=no interface="05 - "
add bridge="BR - DHCP" interface="wlan1 - 2G"
add bridge="BR - DHCP" interface="wlan2 - 5G"
add bridge="BR - MGM" hw=no interface="01 - Main"
# NOTE(review): PPTP with MS-CHAPv2 has long-known cryptographic weaknesses and
# should not be relied on to protect access to the LAN. Prefer one of the other
# VPN types RouterOS offers (e.g. L2TP/IPsec, IKEv2, SSTP).
/interface pptp-server server
set authentication=mschap2 enabled=yes
/ip address
add address=10.25.240.171/24 interface="01 - Main" network=10.25.240.0
add address=192.168.7.1/24 interface="BR - DHCP" network=192.168.7.0
/ip dhcp-server network
add address=192.168.7.0/24 dns-server=109.224.14.2,109.224.14.3 gateway=\
    192.168.7.1
# Accepts PPTP control (tcp/1723) and GRE on the input chain from any source.
# NOTE(review): this export shows no drop rule at all, so these accepts restrict
# nothing and the router's own services appear reachable from every interface,
# including the uplinks. Add an established/related accept, limit the VPN rules
# to expected sources where possible, and drop the remaining input from WAN.
/ip firewall filter
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
# Marks every packet sourced from 192.168.7.0/24 with routing mark R7, whatever
# its destination. That includes replies from LAN hosts (e.g. the DVR) to VPN
# clients, which are then looked up in table R7 and sent to "BR - DHCP" by the
# 192.168.7.0/24 route below instead of to the PPTP client interface.
# NOTE(review): if the policy routing is required, exempt LAN-destined traffic
# from the mark (e.g. match dst-address=!192.168.7.0/24) - verify on the device.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=R7 passthrough=yes \
    src-address=192.168.7.0/24
# Source NAT for LAN traffic leaving through the PPPoE uplink.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
    192.168.7.0/24
# Table R7: default route via pppoe-out1 plus interface routes for both local
# subnets. Main table: default route via 10.25.240.1 and one /32 via pppoe-out1.
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=R7
add distance=1 dst-address=10.25.240.0/24 gateway="BR - MGM" routing-mark=R7
add distance=1 dst-address=192.168.7.0/24 gateway="BR - DHCP" routing-mark=R7
add distance=1 gateway=10.25.240.1
add distance=1 dst-address=216.239.35.12/32 gateway=pppoe-out1
# VPN account. No service= is set, so presumably it is valid for any PPP service
# enabled on the router - confirm.
# NOTE(review): the password is weak and appears here in clear text. Export with
# hide-sensitive (or redact by hand) before sharing a config, and use a long
# random password, since the account is the only gate to the LAN over the VPN.
/ppp secret
add name=abdulnoor password=11111111 profile=profile1
Last edited by krisjanisj on Tue Oct 08, 2019 3:16 pm, edited 1 time in total.
Reason: Please post configs/code in [code] blocks to save peoples scroll wheels
 
Sob
Forum Guru
Forum Guru
Posts: 4684
Joined: Mon Apr 20, 2009 9:11 pm

Re: VPN PPTP  [SOLVED]

Tue Oct 08, 2019 9:33 pm

It's because all response packets from 192.168.7.0/24 get routing mark R7 and they are routed back to "BR - DHCP" interface instead of to VPN client. At first sight the whole part with routing marks seems completely useless, so unless you have some good reason to have it, just get rid of it and everything should work.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
Zacharias
Member
Member
Posts: 458
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: VPN PPTP

Tue Oct 08, 2019 10:31 pm

Sob is right... why that mangle rule and all those routing marks?
 
abdalnoor
just joined
Topic Author
Posts: 2
Joined: Tue Oct 08, 2019 3:00 pm

Re: VPN PPTP

Wed Oct 09, 2019 11:05 am

Sob wrote:
> It's because all response packets from 192.168.7.0/24 get routing mark R7 and they are routed back to "BR - DHCP" interface instead of to VPN client. At first sight the whole part with routing marks seems completely useless, so unless you have some good reason to have it, just get rid of it and everything should work.

Thanks for your reply, it solved my issue. As for the mangle rules: I use the PPPoE client and route my local traffic to it. When I disabled these static routes there was no internet, but I could access my DVR, so I cannot get rid of them.
